18978 Commits

Author SHA1 Message Date
Michael Niedermayer
8a20774a24 indeo4: Fix global array overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 14:54:11 +01:00
Carl Eugen Hoyos
5cddfc58d8 Fix linking without yasm. 2012-03-24 14:54:06 +01:00
Kostya Shishkov
494bce6224 ralf: read Huffman code lengths without GetBitContext
Those descriptions are stored in nibbles, so they are easy to extract.
And this way we don't need to pad tables for possible bit reader overreads.
2012-03-24 11:53:26 +01:00
Michael Niedermayer
f58f75dd92 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  rv34: error out on size changes with frame threading
  aacsbr: Add a debug check to sbr_mapping.
  aac: Reset some state variables when turning SBR off
  aac: Reset PS parameters on header decode failure.
  fate: add wmalossless test.
  aacsbr: handle m_max values smaller than 4.

Conflicts:
	libavcodec/aacsbr.c
	tests/fate/lossless-audio.mak

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 10:59:43 +01:00
Paul B Mahol
b222c28ee8 libopenjpegenc: switch to encode2()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Michael Bradshaw <mbradshaw@sorensonmedia.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 05:47:11 +01:00
Paul B Mahol
a5b823368a libopenjpeg: make .long_name usefull
Fixes following strange output:

DEV D  libopenjpeg     OpenJPEG based JPEG 2000 encoder

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Michael Bradshaw <mbradshaw@sorensonmedia.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 05:45:57 +01:00
Paul B Mahol
68a257e673 bintext: build decoders only if they are actually enabled
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 05:44:37 +01:00
Michael Niedermayer
d85b3c4fff vp56dec: avoid freeing the returned frame before returning it.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 05:21:39 +01:00
Michael Niedermayer
25715064c2 cavsdec: check for changing w/h.
Our decoder does not support changing w/h.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 03:26:52 +01:00
Michael Niedermayer
ba775a54bc indeo3: fix out of picture write.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 03:26:51 +01:00
Michael Niedermayer
59a4b73531 pthread/mpegvideo: detect and block attempts to init frames after setup.
This fixes race conditions that ultimately lead to memory corruption.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 00:32:18 +01:00
Janne Grunau
cb7190cd2c rv34: error out on size changes with frame threading 2012-03-23 23:11:55 +01:00
Alex Converse
b00307ecd0 aacsbr: Add a debug check to sbr_mapping.
There have been multiple bugs caused by inconsistencies here.

Based on an idea from Michael Niedermayer.

CC: libav-stable@libav.org
2012-03-23 14:56:44 -07:00
Alex Converse
0cb93dacee aac: Reset some state variables when turning SBR off
This makes sure the reset flag gets set when SBR gets turned back on
and sets control variables for unguided mode back to their defaults.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-23 14:56:44 -07:00
Alex Converse
a237b38021 aac: Reset PS parameters on header decode failure.
If the next header frame codes zero envelopes the previous frame's
values will be used. Consequently the invalid values must be cleared.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-23 14:56:44 -07:00
Michael Niedermayer
71c2a70cbf error_concealment: Prevent FPEs in case of corrupted input.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 22:03:32 +01:00
Michael Niedermayer
e2d110d8d2 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  rv34: Handle only complete frames in frame-mt.
  MPV: set reference frame pointers to NULL when allocation of dummy pictures fails
  configure: die if x11grab dependencies are unavailable
  zerocodec: factorize loop
  avconv: fix the resampling safety factors for output audio buffer allocation
  avconv: move audio output buffer allocation to a separate function
  avconv: make the async buffer global and free it in exit_program()

Conflicts:
	ffmpeg.c
	libavcodec/mpegvideo.c
	libavcodec/rv34.c
	libavcodec/zerocodec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 21:20:06 +01:00
Ronald S. Bultje
71ea26811c aacsbr: handle m_max values smaller than 4.
Prevents a signflip in the counter, and a subsequent crash because of
overreads/overwrites.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-23 12:56:08 -07:00
Reimar Döffinger
adb98a3d22 VC1: restore optimizations broken in 9a1ced32.
They were moved into code under HAVE_YASM and most of them
even into completely disabled code with no reason given
for that in the commit message.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2012-03-23 19:39:02 +01:00
Paul B Mahol
e730036fdc interplayvideo: give avctx to av_dlog()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 19:12:34 +01:00
Paul B Mahol
0c57f8197c interplayvideo: remove superfluous strings from av_log()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 19:11:08 +01:00
Paul B Mahol
a0b07b8fc5 vmdvideo: remove superfluous strings from av_log messages
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 19:05:12 +01:00
Paul B Mahol
89cd95b19c sonic: fix warning about incompatible pointer types
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 19:03:45 +01:00
Janne Grunau
73ad4471a4 rv34: Handle only complete frames in frame-mt.
Correct handling of errors to prevent hags or crashes is very complex
otherwise.

The frame initializing is also moved from decode_slice() to
decode_frame() for clarity.
2012-03-23 17:50:46 +01:00
Janne Grunau
5ab506a5c8 MPV: set reference frame pointers to NULL when allocation of dummy pictures fails 2012-03-23 17:50:46 +01:00
Michael Niedermayer
afa6129016 zerocodec: factorize loop
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-03-23 12:10:41 +01:00
Michael Niedermayer
2e909b3c77 bitstream: build_table, check table_nb_bits.
Fixes null ptr deref.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 11:38:53 +01:00
Michael Niedermayer
aae44fb4cd indeo4: check ref_mb
Fix NULL deref

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 11:03:53 +01:00
Michael Niedermayer
a22e64fd02 rawdec: Check w/h.
Fixes FPE

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 10:48:18 +01:00
Michael Niedermayer
08c37a10e9 mjpegdec: check h/v_count.
Fixes FPE

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 10:24:22 +01:00
Michael Niedermayer
46c7842994 ituh263dec: Implement enough of Annex O (scalability) to fix a FPE.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 10:14:30 +01:00
Michael Niedermayer
cc415956a4 error_conceal: fix FPE in guess_dc() with huge sizes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 05:21:52 +01:00
Michael Niedermayer
c0a99eae29 indeo4: check band->scan
Fixes null ptr exception

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 04:29:41 +01:00
Paul B Mahol
ae2c33b0c2 cosmetics: remove superfluous curly brackets
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 03:09:07 +01:00
Paul B Mahol
0e465c1a81 huffyuv: remove long time disabled code
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 03:09:07 +01:00
Paul B Mahol
3a085c6a37 huffyuv: do not decode/encode yuv colorspace with odd width
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 03:09:07 +01:00
Michael Niedermayer
ba02069a8e aacdec: prevent channels from exceeding MAX_CHANNELS.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 03:08:58 +01:00
Michael Niedermayer
7c0748c2db eatqi: replace break by goto.
This fixes some heap overread.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 00:50:43 +01:00
Michael Niedermayer
5a4af049b1 aacdec: reset max_sfb on invalid data.
Fixes global out of array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:57:45 +01:00
Michael Niedermayer
3583c8706d vqavideodev: Check image dimensions
Fixes out of heap array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:43:37 +01:00
Michael Niedermayer
464cef4c14 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  xwma: Validate channels and bits_per_coded_sample.
  mov: Do not read past the end of the ctts_data table.
  mov: Add missing terminator to mov_ch_layout_map_1ch.
  asf: reset side data elements on packet copy.
  wmavoice: fix stack overread.
  wmalossless: error out if a subframe is not used by any channel.
  vqa: check palette chunk size before reading data.
  wmalossless: reset sample pointer for each subframe.
  wmalossless: error out on invalid values for order.

Conflicts:
	libavcodec/vqavideo.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:16:49 +01:00
Michael Niedermayer
9759d2b886 indeo4: check motion vetors.
Fixes out of heap array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:13:00 +01:00
Michael Niedermayer
afc0cc22e1 pngenc: make max_packet_size 64bit check check it.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:13:00 +01:00
Clément Bœsch
50a3867bab png: make ff_png_pass_mask local to pngdec. 2012-03-22 22:53:51 +01:00
Carl Eugen Hoyos
abdcb4918c Fix libgsm.c compilation after typo in 67b8c8. 2012-03-22 22:01:35 +01:00
Michael Niedermayer
6716e6892b Merge remote-tracking branch 'qatar/master'
* qatar/master:
  FATE: Add ZeroCodec test
  oggparseogm: fix order of arguments of avpriv_set_pts_info().
  pngenc: better upper bound for encoded frame size.
  aiffdec: set block_duration to 1 for PCM codecs that are supported in AIFF-C
  aiffdec: factor out handling of integer PCM for AIFF-C and plain AIFF
  aiffdec: use av_get_audio_frame_duration() to set block_duration for AIFF-C
  aiffdec: do not set bit rate if block duration is unknown
  wmall: output packet only if we have decoded some samples

Conflicts:
	libavcodec/pngenc.c
	tests/fate/lossless-video.mak

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 20:59:58 +01:00
Paul B Mahol
b1a0d694ea dcaenc: switch to encode2()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 20:44:24 +01:00
Ronald S. Bultje
262196445c wmavoice: fix stack overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-22 12:17:14 -07:00
Ronald S. Bultje
3c9267673e wmalossless: error out if a subframe is not used by any channel.
Prevents infinite loop because min_channel_len never increments.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-22 12:17:14 -07:00
Ronald S. Bultje
75d7975268 vqa: check palette chunk size before reading data.
Prevents overreads beyond buffer boundaries.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-22 12:17:14 -07:00